Hacker News new | comments | show | ask | jobs | submit login

Encryption without authentication is useless. If mybank.com only supports encryption, I have no idea whether I'm actually connected to mybank.com , or to the guy running tcpdump in the next booth.

Well, of course encryption without authentication is useless for authentication.

It is still useful for encryption, though :-)

No, it's not. To encrypt data between two parties who don't know each other, both sides have to agree on a key. There is no protocol that does that securely in the presence of a man in the middle without a "tiebreaker"; the tiebreaker SSL PKI uses is certificates.

But doesn't (unauthenticated) encryption at least protect against eavesdroppers who don't have the ability to modify the stream, i.e. to mount a MITM attack?

"eavesdroppers who don't have the ability to modify the stream" are a nice fairytale, but they don't really exist in practice, with current network protocols. DNSSEC might change this, once it becomes universal.

What about Firesheep users? Surely there are many people who find it a lot easier to just capture some WiFi traffic via libpcap, WireShark or the like than to set up a fake WiFi access point, poison a DNS cache or mount other such attacks that would allow them to actually modify traffic.

Why are we talking about defenses that are defeated by just a couple lines of code? Firesheep could use pcap_write in addition to pcap_loop and redirect connections. What's the point of a defense that breaks Firesheep 1.0 only to fall to Firesheep 2.0?

Isn't that a bit like saying that it's pointless for policemen to wear bulletproof vests because there could always be a sniper aiming at their head?

Generally speaking, and regardless of today's protocols, surely passive eavesdropping is and will always remain easier to accomplish than actively mounting a MITM attack.

No. The opposite is true. It's actually easier to MITM in 2011 than it is to sniff passively; the MITM only needs to play packet games long enough to get the victim to connect to her.

Interesting, I didn't realize that. Since you're tptacek I'll take your word for it :-)

The only reason Firesheep doesn't modify traffic is because it doesn't have to. Faking DNS replies or similar would be trivial to add, were it needed.

The vulnerability here isn't "someone running Firesheep" - that's the exploit. The vulnerability here is "an open WiFi network is a completely trusted medium".

Given the recent EFF story about AT&T shunting all their traffic through NSA computers, I would say it most certainly exists in practice. Basic encryption with no authentication doesn't hold up at all to directed attacks, but it would definitely help with big siphoning attacks that are actually happening right now.

MITM attacks don't have to be directed. It's not technically challenging to mass-MITM a channel --- but you probably wouldn't do that, because you can just pick "interesting" connections (like, to Google Mail) to intercept.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact